Brute-Force Malware Now Targeting Email and FTP Servers

A dangerous piece of malware, which has been attacking websites using popular content management systems such as WordPress and Joomla, has now evolved and begun to target email and FTP servers.

Known as Fort Disco, the malware was originally discovered back in August. It is believed to have infected more than 25,000 Windows systems and to have been used to guess the passwords on over 6,000 WordPress, Joomla and Datalife Engine websites – platforms that are all popular with small and medium-sized businesses.

According to a report by PCWorld, once on a computer, the malware is able to periodically connect to a command-and-control server to receive instructions, which include lists of websites to target along with passwords to try.

Now it seems that the same malware is brute-forcing FTP sites and the POP3 servers that are widely used for email authentication, most notably, of course, Gmail and Outlook (formerly Hotmail).

The Swiss blog Abuse.ch has been forensically analysing Fort Disco and has revealed that the command-and-control (C&C) server being used responds with a list of domain names and their accompanying mail exchanger (MX) records, which are used to specify the servers that are handling the email service for the particular domain.

Abuse.ch also noted that the C&C server supplies a list of standard email accounts for the malware to attempt to brute-force the password.

Another group of researchers over at Shadowserver, a botnet-tracking organisation, told the Swiss researchers that they have seen the malware being used to brute-force FTP credentials with the same methodology.
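For mail administrators, the behaviour described above (many infected machines each trying a few passwords against standard account names) tends to stay under per-IP lockout thresholds, so it is more visible when failures are grouped by account. The following is an added example, not code from the article, Abuse.ch or Shadowserver; it assumes Dovecot-style `pop3-login` log lines, and the sample log, function names and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of Dovecot's pop3-login log (not real traffic).
SAMPLE_LOG = """\
Sep 30 10:00:01 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Sep 30 10:00:03 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Sep 30 10:00:09 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.21, lip=192.0.2.10
Sep 30 10:00:12 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=203.0.113.21, lip=192.0.2.10
Sep 30 10:00:20 mx1 dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.77, lip=192.0.2.10
Sep 30 10:00:31 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.88, lip=192.0.2.10
Sep 30 10:00:34 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=203.0.113.88, lip=192.0.2.10
Sep 30 10:00:40 mx1 dovecot: pop3-login: Disconnected (auth failed, 2 attempts in 9 secs): user=<alice>, method=PLAIN, rip=192.0.2.55, lip=192.0.2.10
Sep 30 10:00:52 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=192.0.2.55, lip=192.0.2.10
Sep 30 10:01:02 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=192.0.2.200, lip=192.0.2.10
"""

# Match failed POP3 logins only; capture the account name and the remote IP.
FAILED = re.compile(
    r"pop3-login: .*auth failed.*user=<(?P<user>[^>]*)>.*\brip=(?P<rip>[0-9a-fA-F.:]+)"
)

def failed_logins(log_text):
    """Yield (user, source_ip) for each failed POP3 login line."""
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            yield m.group("user").lower(), m.group("rip")

def noisy_sources(log_text, min_failures=5):
    """Classic per-IP view: sources with at least min_failures failed log lines."""
    counts = Counter(rip for _, rip in failed_logins(log_text))
    return sorted(ip for ip, n in counts.items() if n >= min_failures)

def distributed_targets(log_text, min_sources=3):
    """Per-account view: accounts failing from at least min_sources distinct IPs."""
    sources = defaultdict(set)
    for user, rip in failed_logins(log_text):
        sources[user].add(rip)
    return {u: sorted(ips) for u, ips in sources.items() if len(ips) >= min_sources}

if __name__ == "__main__":
    print("per-IP alerts:     ", noisy_sources(SAMPLE_LOG))
    print("per-account alerts:", distributed_targets(SAMPLE_LOG))
```

On the constructed log, the per-IP view raises nothing, while the per-account view flags `admin` and `info` and leaves the single user who mistyped a password from one address alone.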

Take control before the botnets do

It’s clear what the end goal of Fort Disco is – to take control. Whether it’s webmail, CMS or FTP, the idea is to use brute force to get in and take over your system. Server-side hosts give botnets the chance to control numerous websites at once and carry out DDoS attacks and widespread spamming. The way for you to stop botnets doing this is to take control of your system before they do. You can do this by installing cloud web security.

At ITWiser, we have developed our cloud web security service to prevent malware just like Fort Disco, by employing advanced antivirus protection and a powerful antispyware and antimalware engine that routinely scans for, and blocks, any threat at cloud level.

To take advantage of the peace of mind that cloud web security offers, get in touch with us today by clicking on this link.
